Let's talk about your project today

The “Spectre” and “Meltdown” Flaws and Their Impacts on Customers Using Logic PD SOMs

Updated on October 25, 2018

Spectre/Meltdown Overview:

A general description of both Spectre and Meltdown design flaws can be found at the links below:

https://meltdownattack.com/

https://spectreattack.com/

Does the Spectre design flaw impact Logic PD customers?

Yes – Spectre is described as variant 1 and variant 2.  The ARM Cortex-A8 and ARM Cortex-A9 are both documented as affected by the Spectre variants 1 and 2.  See the “Is your Logic PD SOM impacted?” section below for impact per SOM.

Does the Meltdown design flaw impact Logic PD customers?

No – The only ARM cores documented as impacted by Meltdown are Cortex-A15, Cortex-A57, Cortex-A72, and Cortex-A75.  Therefore, none of the Logic PD SOM are impacted by the Meltdown design flaw.  Specific information on which ARM cores are impacted can be found below in the “ARM Processor Related Information” section.

Spectre/Meltdown Technical Details:

Detailed information has been published regarding Spectre (variants 1 and 2) and Meltdown (variant 3).  Additional information can be found by accessing the Google Project Zoo.

Details on the bugs are also located in the National Vulnerability Database.

The design flaws are referred to as (variant 1 CVE-2017-5753 and variant 2 CVE-2017-5715) for Spectre and (variant 3 CVE-2017-5754) for Meltdown.

Below are additional links that discuss the Spectre and Meltdown design flaws as they relate to processors and software packages used by Logic PD customers.

ARM Processor Related Information:

Updates provided by ARM regarding the Spectre bug can be found here:

https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability

Cache Speculation Side-channels whitepaper provided by ARM can be accessed here:

https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/download-the-whitepaper

Linux/Android OS Related Information:

ARM has posted some fixes to the Linux Kernel, which can be found here: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.77

Various efforts are underway to backport these mitigations to older versions of the Kernel; however, Kernel 3.0 will not receive these backports.  Customers wishing to get the fixes ported to the 3.0 kernel are encouraged to contact Logic PD to discuss their options.

Support for the OMAPL138 and AM1808 (both unaffected by Spectre), as well as the affected SOMs (AM3517, OMAP35/DM37 Torpedo and the OMAP/DM37 based SOM-LV) have been available in the mainline Linux community.  The Linux community is making available many kernel patches related to the Spectre/Speculation fixes specifically targeting the Cortex-A8 and Cortex-A9, which is used by the OMAP3 and i.MX6 families, respectively.  Customers are encouraged to update their kernel to the latest long-term-support kernels whenever possible.

Customers looking to continue using Linux BSPs provided by Logic PD are encouraged to contact Logic PD Support for their software roadmap, which will include the latest Spectre patches.

Microsoft OS Related Information

Microsoft has released the following updates to help their customers better understand the effects of “Spectre” and “Meltdown”.

Protect your Windows devices against Spectre and Meltdown

Understanding the performance impact of Spectre and Meltdown mitigations on Windows Systems

Microsoft is no longer supporting WinCE 5.0.  Support for WinCE 6.0 will be ending soon and there is no plan for them to provide a patch at this time.

Microsoft has completed their investigation to the impact of the Spectre bug when using their Windows Embedded Compact 7 OS and Windows Embedded Compact 2013 OS.  Microsoft has determined that changes required to prevent an attack by exploiting the Spectre bug would require cooperation between both the chipset vendor and the OS vendor.  The relevant OS features are central to the kernel within the Windows CE OS.  These changes could have a widespread impact.  Since devices using Windows CE OS are usually locked down and isolated in a closed system, Microsoft expects the exposure to be low.  Due to the risk of making such kernel changes, Microsoft currently does not have any plans to publish a patch to address the Spectre bug.

Is your Logic PD SOM impacted?

Please check the table below to determine if any of the Logic PD SOM(s) used in your design are considered affected by either the Spectre and/or Meltdown design flaw.

Logic PD SOMs ProcessorARM CoreImpactedPhase1
PXA270 Card EngineMarvell PXA720XScale® (V5TE-compliant)NoEnd of Life
OMAP35x SOM-LVTI OMAP3530/OMA3503Cortex™-A8Yes2Maintenance
OMAP35x Torpedo SOMTI OMAP3530/OMA3503Cortex™-A8Yes2Maintenance
AM1808 SOM-M1TI AM1808ARM926EJ-SNoMaintenance
OMAPL138 SOM-M1TI OMAPL138ARM926EJ-SNoMaintenance
AM3517 SOM-M2TI AM3517Cortex™-A8Yes2Maintenance
DM3730/AM3703 SOM-LVTI DM3730/AM3703Cortex™-A8Yes2Maintenance
DM3730/AM3703 Torpedo SOMTI DM3730/AM3703Cortex™-A8Yes2Maintenance
DM3730/AM3703 Torpedo + Wireless SOMTI DM3730/AM3703Cortex™-A8Yes2Maintenance
i.MX6 SOM-M3NXP i.MX6Cortex™-A9 Single, Dual, QuadYes2Maintenance
Zynq-7000 SOMXilinx Zynq Z-7020Cortex™-A9 DualYes2Maintenance

1- Phase refers to the Current Logic PD BSP Development Phase.
2- Impacted for variant 1 and variant 2.

How will Logic PD provide support for SOMs impacted by either the Spectre and/or the Meltdown design flaws?

All Logic PD SOM products come with one or more royalty-free reference BSPs (Linux, Android, Windows CE).  After a Logic PD SOM product has been publicly released, Logic PD maintains that product throughout its life and manages parts and obsolescence issues (as well as corresponding hardware and software changes) on behalf of our customers. Logic PD also provides levels of software support and maintenance that you can expect over the life of your product.

Following the end of the optimization phase and until the SOM has been retired, the software is changed if there is a significant issue that affects many customers or if there is a hardware change – such as when a part on the SOM goes end-of-life (EOL) – that requires a corresponding software fix.  Logic PD is closely monitoring the effects of the Spectre and Meltdown design flaws.

Logic PD will continue to update this forum post so customers know how to best update their software to minimize the impact of these design flaws.

Is additional development support available?

Yes, please contact Logic PD support if you would like additional assistance regarding how to best support your specific project against an attack.

Share

Contact Logic PD and get started today.

We help deliver innovative solutions that conquer today’s complex and connected product challenges and optimize your market potential.